Security Day 30 Nov2011

Date post: 01-Jul-2015
Upload: vivek-mathur
Description: National Computer Board Security Day
Transcript
Page 1: Security Day 30 Nov2011

CLOUD SECURITY

Risks & Recommendations For New Entrants

Page 2: Security Day 30 Nov2011

INTRODUCTION

Vivek Mathur, Vice President

Bhumishq Technologies Ltd.

– Data Centre Hosting

– Cloud Services Provider

Views expressed are not necessarily those of the organization.

Page 3: Security Day 30 Nov2011

CLOUD

‘The cloud is inevitable. Cloud Computing will fundamentally change the IT-industry. The question that remains is how fast this will happen. We are still at the beginning. But I tell the customers: Now is the time to jump on the bandwagon. From 2012 on more than 90 percent of Microsoft developers will work on applications and technologies for the cloud.’

- Steve Ballmer, CEO Microsoft

Page 4: Security Day 30 Nov2011

[Chart: "Pain" against "No of Slides", with markers "20 Slides" and "Severe Risk of Harm"]

Page 5: Security Day 30 Nov2011

CLOUD

So what is Cloud Computing?

67 DEFINITIONS !!

Page 6: Security Day 30 Nov2011

INTRODUCTION

Definition #1

Wikipedia

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Page 7: Security Day 30 Nov2011

CLOUD

Definition #2

For Dummies

Cloud computing is the next stage in the Internet's evolution, providing the means through which everything — from computing power to computing infrastructure, applications, business processes to personal collaboration — can be delivered to you as a service wherever and whenever you need. The “cloud” in cloud computing can be defined as the set of hardware, networks, storage, services, and interfaces that combine to deliver aspects of computing as a service. Cloud services include the delivery of software, infrastructure, and storage over the Internet (either as separate components or a complete platform) based on user demand. (See Cloud Computing Models for the lowdown on the way clouds are used.)

Page 8: Security Day 30 Nov2011

CLOUD

What is a Cloud Computing Model?

28 Definitions

Page 9: Security Day 30 Nov2011

[Chart: "Pain" against "No of Slides", with markers "20 Slides" and "Severe Risk of Harm"]

Page 10: Security Day 30 Nov2011

CLOUD

NO DEFINITION

- Cloud is not a THING, it’s a transition

- Concept started in 1960 by John McCarthy

Page 11: Security Day 30 Nov2011

1960??

Page 12: Security Day 30 Nov2011

CLOUD

NO DEFINITION

- Cloud is not a THING, it’s a transition

- Concept started in 1960 by John McCarthy

- Concept

- Suitability

- Technology

- Attitude

Page 13: Security Day 30 Nov2011

Can we understand Cloud in simple terms …please?

Page 14: Security Day 30 Nov2011

Fifth Generation of Computing

1970s

1980s

1990s

2000s

2010+

Page 15: Security Day 30 Nov2011

Cloud Origins: Adapting to the Market Data Center Evolution

Page 16: Security Day 30 Nov2011

Cloud Origins: Adapting to the Market Data Center Evolution

Page 17: Security Day 30 Nov2011

In a non-cloud view, there are inefficiencies

[Chart: IT capacity over time. Series: Load Forecast, Actual Load, Allocated IT-capacities. Annotations: "Waste" of capacities; "Under-supply" of capacities; Fixed cost of IT-capacities; Barrier for innovations]

Page 18: Security Day 30 Nov2011

However, in a Cloud View

[Chart: IT capacity over time. Series: Load Forecast, Actual Load, Allocated IT capacities. Annotations: Reduction of initial investments; Reduction of "over-supply"; No "under-supply"; Possible reduction of IT-capacities in case of reduced load]

Page 19: Security Day 30 Nov2011

Cloud Service Types

Stack layers shown for each type: Storage, Server HW, Networking, Servers, Databases, Virtualization, Runtimes, Applications, Security & Integration

- Private (On-Premise): You manage

- Infrastructure (as a Service): Managed by vendor / You manage

- Platform (as a Service): Managed by vendor / You manage

- Software (as a Service): Managed by vendor

Page 20: Security Day 30 Nov2011

CONVINCED. Should all adopt Cloud computing?

Cloud’s economies of scale and flexibility are both a friend and a foe from a security point of view.

Page 21: Security Day 30 Nov2011

RISKS & RECOMMENDATIONS

Page 22: Security Day 30 Nov2011

Risks

- Risk should always be understood in relation to overall business opportunity and appetite for risk

- The risks of using cloud computing should be compared to the risks of staying with traditional solutions, such as desktop-based models.

- The level of risk will in many cases vary significantly with the type of cloud architecture being considered.

Page 23: Security Day 30 Nov2011

Top Risks

• Policy and Organizational Risks

• Technical Risks

• Legal Risks

Page 24: Security Day 30 Nov2011

POLICY AND ORGANIZATIONAL RISKS

• Lock-in

• Loss Of Governance

• Compliance Challenges

• Loss Of Business Reputation Due To Co-tenant Activities

• Cloud Service Termination or Failure

• Cloud Provider Acquisition

Page 25: Security Day 30 Nov2011

TECHNICAL RISKS

• Resource Exhaustion (Under Or Over Provisioning)

• Isolation Failure

• Cloud Provider Malicious Insider - Abuse Of High Privilege Roles

• Intercepting Data In Transit

• Distributed Denial Of Service (DDoS) / Economic Denial Of Service (EDoS)

Page 26: Security Day 30 Nov2011

LEGAL RISKS

• Subpoena And E-discovery

• Risk From Changes Of Jurisdiction

• Data Protection Risks

Page 27: Security Day 30 Nov2011

TOP SECURITY BENEFITS

• Security and the Benefits Of Scale

• Security as a Market Differentiator

• Standardised Interfaces for Managed

• Rapid, Smart Scaling of Resources

• More Timely, Effective and Efficient Updates and Defaults

Page 28: Security Day 30 Nov2011

TOP RECOMMENDATIONS

1. Assess the risk of adopting cloud services

2. Compare different cloud provider offerings

3. Obtain assurance from selected cloud providers

4. Reduce the assurance burden on cloud providers

Page 29: Security Day 30 Nov2011

Closing Thoughts

Cloud is the future

Cloud means different things to different persons

One-size-fits-all approach may not work

Try it before you commit

Page 30: Security Day 30 Nov2011

THANK YOU

Vivek Mathur Email – [email protected]

